<?php
session_start();

include 'dbConn.php';
include 'nav.inc.php';
if (isset($_REQUEST['next_page']))
	$next_page = $_REQUEST['next_page'];
else
	$next_page = '0';

html_head('Philosophie - Login');
	if($next_page == '0'){
		echo("<div class='content' style='margin-left:350px'>");
		echo ("<form name='main' action='".$_SERVER['SCRIPT_NAME']."' method='post'>\n");
		echo("Kennung:<br>");
		echo("<input type='text' size='24' maxlength='50'");
		echo("name='kennung'><br><br>\n");

		echo("Passwort:<br>");
		echo("<input type='password' size='24' maxlength='50'");
		echo("name='password'><br>");

		echo("<input type='submit' value='Login'>");
		echo"<input type='hidden' name='next_page' value='1' />\n";
		echo("</form>");
		echo("</div>\n");
	}
	if($next_page == '1'){
		$kennung = $_POST["kennung"];
		$passwort = md5($_POST["password"]);
		$request = "SELECT m_lang, password, m_id FROM std_mitarbeiter WHERE kennung LIKE '$kennung' LIMIT 1";
		$result = mysql_query($request) or die(mysql_error());
		$row = mysql_fetch_object($result);
		
		if($row->password == $passwort){
			$_SESSION['username'] = $row->m_lang;
			$_SESSION['userid'] = $row->m_id;
			$query = "SELECT * FROM std_Rechte WHERE idMitarbeiter='".$_SESSION['userid']."'";
			$result_ma = mysql_query($query) or die(mysql_error());
			if($ma = mysql_fetch_object($result_ma)){
				$_SESSION['std'] = $ma->stunden;
				$_SESSION['vorlpl'] = $ma->vorlplaner;
				$_SESSION['tasks'] = $ma->tasks;
				
				if($_SESSION['userid'] == '15'){
					header("location:Vorlesungsplaner/index.php");
				}
				else{
					header("location:index.php");
				}
				if($_SESSION['userid'] == '1' || $_SESSION['userid'] == '2' || $_SESSION['userid'] == '16'){
					$_SESSION['set_kenn'] = '1';
				}
			}
			else{
				menu();
				echo("Achtung: Ihnen wurden keine Rechte zugewiesen!");
			}
			
		}
		else{
			echo("<div class='content' style='margin-left:350px'>");
			echo "Benutzername und/oder Passwort waren falsch. <a href=\"login.php\">Login</a>";
			echo("</div>");
		}
	}

?> 
